regarding the processing of personal data
1. Who is the personal data controller?
ZITEC COM SRL legal entity duly registered under Romanian laws with its registered office located in Splaiul Unirii 165, TNO2 Building, Floor 6, Sector 3, Bucharest Romania, recorded at the Trade Registry under no. J40 / 7701/2003, sole registration code 15496736, acting as a personal data controller (hereinafter referred to as “Zitec“, “Company” or “us“), hereby informs you about processing personal data of the clients’/ potential clients’ employees and/or representatives (“Data Subjects”), given that they represent the clients/ potential clients in relation to us. We invite you to read this document carefully. The Company can be contacted at firstname.lastname@example.org.
2. To whom does this Data Notice apply to?
This Data Note applies to the employees/ collaborators and/or representatives of our clients/ potential clients who represent the latter in their relationship with Zitec.
(The individuals listed above will be referred to as “You” or “Data Subject“).
3. What categories of personal data do we collect about you and for what purposes?
Your data is collected and used by us as a lawful part of managing the business, business development, concluding the contract, delivering results, communicating with customers/ potential customers (e-mail, face-to-face meetings, telephone, communication platforms/ events with the possibility of audio video recording), issuing invoices, sending newsletters, mass emails, events registration, client/ potential client nurturing.
Our company can process the following personal data: e-mail address, photo, first and last name, telephone number, correspondence address, job title, car registration number, audio video recordings, company name.
4. How will we use your personal data, and what is the legal basis?
The Company will process personal data according to the General Data Protection Regulation in one or more of the following cases:
- the use of your personal data is necessary to fulfill the obligations arising from our contract with the client, or
- the use of your personal data is required for the fulfillment of legal obligations, or
- if neither (a) nor (b) applies, we are processing your personal data based on your consent.
5. How do we process and protect your personal data?
We process your data by both electronic and manual means, while protecting it by using appropriate security measures. Thus, the Company will take appropriate administrative, technical, personnel, and physical actions to protect your Personal Data, which are following applicable laws and regulations in the field of privacy and data security, including the appropriate protection of Personal Data against the wrongful use or destruction, loss, alteration, disclosure, selling or accessing the data by accident, illegal, or unauthorized means.
We have security measures in place to prevent unauthorized access, misuse, alteration, destruction or accidental loss of your personal data.
We take appropriate organizational and technical security measures and have rules and procedures in place to ensure that any personal data we hold on our computer systems is not accessed by anyone who should not have access to it.
When we use third party organizations to process information on our behalf, we ask them to demonstrate compliance with our security requirements, with the instructions we may provide, as well as compliance with relevant data protection legislation while they are working with us. These organizations receive instructions from us and their obligations regarding what information they process and what they can do with it are agreed in the contracts we have with them.
Security measures can be found at the following address:
6. Who can access your personal data?
The Company’s staff will generally have access to some of your personal data.
The Company may disclose your Personal Data for the purposes set out in this Data Notice to various companies within the European Union or outside the European Union, as follows:
- your personal data may be transferred to one or more ZITEC affiliates, as required for data processing and storage, to give you access to our applications, and to make decisions about improving our services;
- your personal data may be transferred to cloud-hosted application providers, which are contractually obligated to respect the confidentiality of your personal data and to ensure adequate protection;
- your personal data may be transferred in connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively “Economic Transfer”), at a reasonable level and as necessary for the Economic Transfer, provided that the receiving party agrees to respect your personal data in a manner that is compatible with applicable data protection laws;
- Your personal data may be disclosed to public bodies when required by law. ZITEC will respond, for example, to requests from courts, regulatory agencies, and other public and governmental authorities;
- Your personal data may be transferred to Zitec partners;
- In certain circumstances, ZITEC may transfer your personal data to countries outside the European Union (EU) / European Economic Area (EEA), the so-called “third countries”, in compliance with this notice and the applicable law.
7. Is your personal data transferred abroad?
The Company may disclose Personal Data in countries outside the European Union (“EU“) or the European Economic Area (“EEA“). Such transfers to third countries will only take place with your prior notice. All transfers of personal data to countries other than those for which an appropriate decision has been made on the level of data protection by the European Commission, as listed on https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en , is based on contractual arrangements using standard contractual clauses adopted by the European Commission or other appropriate guarantees, under applicable law.
8. What are your rights regarding your Personal Data?
In accordance with the applicable law, you will have the right, at any time:
- to obtain confirmation that your personal data is processed or not, be informed about its content and source, verify its accuracy, and require its correction or update;
- to request deletion or anonymization of your personal data, or to restrict or discontinue using your personal data as permitted by applicable law;
- to object to processing of your personal data; Please note that some personal data can be exempt from such requests for access, correction, or deletion according to the applicable data protection laws and regulations.
- to request the Company to limit the processing of your Personal Data when:
- you dispute the accuracy of the Personal Data, for the required amount of time to allow the Company to take sufficient steps to correct or verify its accuracy;
- processing is illegal, but you do not want us to delete the data;
- we no longer need processing the Personal Data for its intended purpose, but you request it for the ascertainment, use or defense of a right in court; or
- to exercise your right to data portability (when we rely on your consent or the fact that the processing is necessary for the conclusion or execution of the contract you have with us and your personal data could be processed by automated means);
- to lodge a complaint with the relevant supervisory authority;
- the right to not be subject to a decision based solely on automated processing, including profiling.
- Time period: We will try to fulfill your request within 30 days. However, the time limit may be extended for specific reasons related to your request’s specific legal right or complexity.
- Restricting access: In certain situations, we may deny your access to all or some of your personal data due to legal provisions. In such a situation, we will inform you of the reason for the denial.
- Lack of identification: In some cases, we may not be able to search for your personal data based on the identifying information you provide in your request. In such situations, if we are unable to identify you as the data subject, we won’t be able to comply with your request to respect your legal rights described in this section, unless you provide additional information to enable your identification.
9. How long do we process your data for?
The Company will take measures to ensure that the processed personal data is relevant and not excessive for the intended purpose and is accurate and complete to fulfill the purposes described in this Data Notice. Therefore, the Company will retain the personal data for the period necessary to accomplish its purposes described in this Data Notice plus a period of 10 years from the termination of the contract or purposes as described above. After the applicable retention period, the Company will destroy or delete your personal data or will anonymize it in a secure way.
10. Contact us:
If you have questions or requests about Data Processing or need additional information, you may contact us at:
11. Updates to this Data Notice
The Company may amend or update this Data Notice as a result of different interpretations, decisions, and opinions relevant to the applicability of the GDPR. Any changes to this Data Notice will take effect starting the date of publishing them on the Company’s website.
This version was last updated on 23.01.2023.